Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
0
Helpful
2
Replies

0.0.0.0 ip

r.zekic
Level 1
Level 1

‎12-05-2001 08:06 AM - edited ‎03-08-2019 09:20 PM

hi all,

is it possible to exclude 0.0.0.0 dest. IP or source IP. it's a 2100 sig. ID

regards,

Ross

Labels:
0 Helpful
2 Replies 2

brenden
Level 1
Level 1

‎12-05-2001 08:17 AM

0.0.0.0 is a Global Summary. You can change the signature itself (2100) to not do SUmmarize but to do "FireOnce" in the SigWizMenu (or Modify Signature in nrConfigure window).

Brenden

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to brenden

‎12-05-2001 11:36 AM

As brenden mentioned you can change it to FireOnce. This is probably the best solution for your issue with the 2100 signature.

But so you know, with current versions the only way to exclude the 0.0.0.0 ip address is to exclude using the "OUT" keyword. If you type in 0.0.0.0 in the exclusion, packetd won't exclude it, but it will exclude the 0.0.0.0 if the word "OUT" is used. BUT the word "OUT" will exclude not just 0.0.0.0 but ALL external ip addresses.

Also the * will not exclude the 0.0.0.0 ip address. We are in the process of trying ot fix this in the next service pack, but I am not sure what the fix will entail so read the readme when the service pack is released.

0 Helpful
Customers Also Viewed These Support Documents